]> git.ipfire.org Git - thirdparty/freeradius-server.git/commitdiff
projects / thirdparty / freeradius-server.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 3e1a3ea)
we have one byte of option length, too
authorAlan T. DeKok <aland@freeradius.org>
Sun, 24 Jan 2021 13:09:13 +0000 (08:09 -0500)
committerAlan T. DeKok <aland@freeradius.org>
Sun, 24 Jan 2021 13:09:42 +0000 (08:09 -0500)
src/protocols/dhcpv4/decode.c patch | blob | blame | history
src/tests/unit/protocols/dhcpv4/vendor.txt patch | blob | blame | history

diff --git a/src/protocols/dhcpv4/decode.c b/src/protocols/dhcpv4/decode.c
index 271c53e02513b9b7bd0e0fe3ba75ec20381b1a00..dc94fa7b5e2da898ae4ecd05cf663af707230ec0 100644 (file)
--- a/src/protocols/dhcpv4/decode.c
+++ b/src/protocols/dhcpv4/decode.c
@@ -393,6 +393,7 @@ static ssize_t decode_value(TALLOC_CTX *ctx, fr_dcursor_t *cursor,
         *      attribute.
         */
        for (i = 0, p = data; i < values; i++) {
+               fr_assert((p + value_len) <= (data + data_len));
                len = decode_value_internal(ctx, cursor, parent, p, value_len);
                if (len <= 0) return len;
                if (len != (ssize_t)value_len) goto raw;
@@ -478,7 +479,7 @@ next:
        FR_PROTO_TRACE("decode context %s -> %s", parent->name, vendor->name);
 
        option_len = p[0];
-       if ((p + option_len) > end) {
+       if ((p + 1 + option_len) > end) {
                len = decode_raw(ctx, cursor, vendor, p[1], p, end - p);
                if (len < 0) return len;
 
diff --git a/src/tests/unit/protocols/dhcpv4/vendor.txt b/src/tests/unit/protocols/dhcpv4/vendor.txt
index 369b32db89abca03ea8e182f0335d7d455e63628..ab1d377ffd10301512b5f85fe882b80eb23ce474 100644 (file)
--- a/src/tests/unit/protocols/dhcpv4/vendor.txt
+++ b/src/tests/unit/protocols/dhcpv4/vendor.txt
@@ -19,5 +19,11 @@ match 7d 15 00 00 00 09 10 05 06 61 61 2e 74 78 74 05 06 62 62 2e 74 78 74
 encode-pair V-I-Vendor-Specific.ADSL-Forum.Manufacturer-OUI = 0x01, V-I-Vendor-Specific.ADSL-Forum.Device-Serial-Number = 0x02,  V-I-Vendor-Specific.ADSL-Forum.Device-Product-Class = 0x03
 match 7d 0e 00 00 0d e9 09 01 01 01 02 01 02 03 01 03
 
+#
+#  PEN + option_len, where option_len 09 > end of attribute
+# 
+decode-pair 7d 0d 00 00 00 09 09 05 06 61 61 2e 74 78 74
+match raw.V-I-Vendor-Specific.Cisco.5 = 0x08050661612e747874
+
 count
-match 12
+match 14
Mirror of https://github.com/FreeRADIUS/freeradius-server.git